Can I use Windows 7's "Network Logon" feature to log into a VPN managed by the AuthAnvil RADIUS server before logging on to Windows?

Issue

When you use Windows 7's "Network Logon" feature to log into a VPN managed by the AuthAnvil RADIUS server before logging on to Windows it fails.

Cause

Due to the way that Microsoft's Windows 7 Credential Provider handles network logons, you cannot use the AuthAnvil RADIUS server to directly support this behavior. What is happening is that the credential provider will do a VPN logon, then, once the VPN has connected, will try to authenticate to Active Directory using the same credentials, and fail with a "Bad Username/Password" error. Since there is no point during the logon process where you can specify alternate credentials, you can't use an AuthAnvil Passcode as part of this process.

Resolution

A normal domain logon will still work if the user's profile is already located on the machine, or the machine is already connected to the VPN. To provision a new user profile on a machine that the user has never logged on to before, you can connect the machine to the VPN while logged on as another user (either local or domain), then lock the computer. This will keep the VPN connection active. You can then click "Switch User" and log on using the domain account that you want to provision. In future, you can log directly on to this user account and connect to the VPN after logon.

Affects

All version of the AuthAnvil RADIUS server working with Windows 7.

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .